Known Vulnerabilities for products from Apereo

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Apereo".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2021-43821 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 7.7 - HIGH 2021-12-14 2021-12-20
CVE-2021-43807 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 6.5 - MEDIUM 2021-12-14 2021-12-20
CVE-2021-42567 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 6.1 - MEDIUM 2021-12-07 2021-12-09
CVE-2021-32623 Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 a... 6.5 - MEDIUM 2021-06-16 2021-06-23
CVE-2021-21318 Opencast is a free, open-source platform to support the management of educational audio and video content. In Opencast before... 5.4 - MEDIUM 2021-02-18 2021-02-26
CVE-2020-27178 Apereo CAS 5.3.x before 5.3.16, 6.x before, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys wit... 7.5 - HIGH 2020-10-16 2021-07-21
CVE-2020-26234 Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Open... 4.8 - MEDIUM 2020-12-08 2020-12-10
CVE-2020-5231 In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not... 6.5 - MEDIUM 2020-01-30 2020-02-10
CVE-2020-5230 Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be probl... 7.5 - HIGH 2020-01-30 2020-02-10
CVE-2020-5229 Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore... 8.1 - HIGH 2020-01-30 2020-02-05
CVE-2020-5228 Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. OAI-PMH is pa... 7.5 - HIGH 2020-01-30 2020-02-05
CVE-2020-5222 Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an addition... 8.8 - HIGH 2020-01-30 2020-02-05
CVE-2020-5206 In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper aut... 10 - CRITICAL 2020-01-30 2020-02-05
CVE-2019-10754 Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for toke... 8.1 - HIGH 2019-09-23 2019-09-24
CVE-2018-1000836 bw-calendar-engine version <= bw-calendar-engine-3.12.0 contains a XML External Entity (XXE) vulnerability in IscheduleClient... 9 - CRITICAL 2018-12-20 2019-02-07
CVE-2018-20000 Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local fil... 7.5 - HIGH 2018-12-10 2019-01-24
CVE-2017-1000221 In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and ... 6.5 - MEDIUM 2017-11-17 2019-10-03
CVE-2017-1000071 Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authent... 8.1 - HIGH 2017-07-17 2019-10-03
CVE-2015-1169 Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via... 7.5 - HIGH 2015-02-10 2015-02-11
CVE-2014-4172 A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Jav... 9.8 - CRITICAL 2020-01-24 2020-02-12

Known software with vulnerabilities from Apereo

Type Vendor Product Version Cas Client1.0.2
ApplicationApereoCas Server3.4.12.1
ApplicationApereoCentral Authentication Service3.0
ApplicationApereoJava Cas Client3.3.2

Popular searches for "Apereo"

Welcome to Apereo | Apereo

Welcome to Apereo | Apereo Xerte makes it easy to create rich, interactive learning content as part of a team. At the University of Nottingham learning technologists, media specialists, software developers and teachers use Xerte's collaborative workflow to create pedagogically sound, rich interactive learning content - playable anywhere. Sakai's flexibility and freedom from licensing costs provided a one-stop way to onboard incoming freshmen and transfer students, and dramatically reduce cost and effort. After reviewing their options, SPC adopted Apereo Student Success Plan SSP . Interactive Learning Student Content (media) Workflow Learning Programmer Technology Pedagogy University of North Carolina at Chapel Hill License Masaryk University Collaboration Sakai (software) St. Petersburg College Freshman Mass media Accessibility Faculty (division) Foreign language Collaborative software

CAS | Apereo

CAS | Apereo An open-source Java server component. Pluggable authentication support LDAP, database, X.509, 2-factor . Support for multiple protocols CAS, SAML, OAuth, OpenID . A library of clients for Java, .Net, PHP, Perl, Apache, uPortal, and others. Java (programming language) Communication protocol Server (computing) UPortal Open-source software X.509 Lightweight Directory Access Protocol Database OpenID OAuth Security Assertion Markup Language Perl PHP Authentication Library (computing) .NET Framework Client (computing) Apache License Apache HTTP Server Moodle